Configure Keytab File

NOTE:
Generate the keytab file on the machine where LDAP and Kerberos are configured.
  1. The keytab file contains the secret encryption key that is used to decrypt the Kerberos ticket. Generate the keytab file and copy it to the Identity Server.
  2. On the Active Directory server, open a command prompt and enter the following ktpass command:
    ktpass /out <value> /princ <value> /mapuser <value> /pass <value>
    Refer to the following table for the parameters:

    | Parameter | Value | Description |
    |---|---|---|
    | /out | <outputFilename> | Define a name for the file, with .keytab as the extension. For example: nidpkey.keytab |
    | /princ | <servicePrincipalName>@<KERBEROS_REALM> | Define the service principal name for Identity Server, then enter @, followed by the Kerberos realm. The default Kerberos realm is the Active Directory domain name in all capitals. For example: ROCKWELL.LOCAL. NOTE: The Kerberos realm value is case sensitive. |
    | /mapuser | <identityServerUser>@<AD_DOMAIN> | Define the username of the Identity Server user, followed by the user's Active Directory domain name. |
    | /pass | <userPassword> | Define the password for the user. |
For example:
ktpass /out srinivas.keytab /princ HTTP/user-pc.rockwell.local@ROCKWELL.LOCAL /mapuser anand@ROCKWELL.LOCAL /pass Password1
  3. Ensure that the command above is entered on a single line.
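Because the realm is case sensitive, it is worth checking the generated file before copying it to Identity Server. The following Python check is an added example, not part of the product documentation: it reads the principal, realm, key version and encryption type from a keytab and reports a realm that differs only in case. It assumes the file is in keytab format version 0x0502; the function names are hypothetical, and the sample bytes are constructed with an all-zero key.

```python
import struct

# Read a uint16-length-prefixed string; return (bytes, new offset).
def counted(buf, p):
    (n,) = struct.unpack_from(">H", buf, p)
    return buf[p + 2:p + 2 + n], p + 2 + n

def parse_keytab(data):
    """Return [(principal, realm, kvno, enctype)] from keytab v0x0502 bytes."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    out, pos = [], 2
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        pos += 4
        if size <= 0:                        # deleted slot ("hole"): skip it
            pos += -size
            continue
        p, end = pos, pos + size
        (ncomp,) = struct.unpack_from(">H", data, p)
        realm, p = counted(data, p + 2)
        comps = []
        for _ in range(ncomp):
            c, p = counted(data, p)
            comps.append(c.decode())
        kvno, etype = struct.unpack_from(">BH", data, p + 8)  # skip name type + timestamp
        _key, p = counted(data, p + 11)      # key bytes are read but never returned
        if end - p >= 4:                     # optional 32-bit kvno replaces the 8-bit one
            (kvno,) = struct.unpack_from(">I", data, p)
        out.append(("/".join(comps), realm.decode(), kvno, etype))
        pos = end
    return out

def check_keytab(data, spn, realm):
    """Return problems found; an empty list means spn@realm is present."""
    entries = parse_keytab(data)
    if any(e[:2] == (spn, realm) for e in entries):
        return []
    problems = [f"no entry for {spn}@{realm}"]
    problems += [f"realm {r!r} differs from {realm!r} only in case"
                 for s, r, _, _ in entries if s == spn and r.upper() == realm.upper()]
    return problems

def sample_entry(realm, comps, kvno, etype, key):
    """Build one constructed keytab entry (sample data for this example only)."""
    s = lambda b: struct.pack(">H", len(b)) + b
    body = struct.pack(">H", len(comps)) + s(realm) + b"".join(s(c) for c in comps)
    body += struct.pack(">IIBH", 1, 0, kvno, etype) + s(key)
    return struct.pack(">i", len(body)) + body

SAMPLE_GOOD = b"\x05\x02" + sample_entry(b"ROCKWELL.LOCAL", [b"HTTP", b"user-pc.rockwell.local"], 3, 18, bytes(32))
SAMPLE_BAD = b"\x05\x02" + sample_entry(b"rockwell.local", [b"HTTP", b"user-pc.rockwell.local"], 3, 18, bytes(32))
```

To check a real file, pass `open("nidpkey.keytab", "rb").read()` to `check_keytab` together with the service principal name and realm used in `/princ`.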